module documentation

Implementation of a TLS transport (ISSLTransport) as an IProtocol layered on top of any ITransport implementation, based on OpenSSL's memory BIO features.

TLSMemoryBIOFactory is a WrappingFactory which wraps protocols created by the factory it wraps with TLSMemoryBIOProtocol. TLSMemoryBIOProtocol intercedes between the underlying transport and the wrapped protocol to implement SSL and TLS. Typical usage of this module looks like this:

    from twisted.protocols.tls import TLSMemoryBIOFactory
    from twisted.internet.protocol import ServerFactory
    from twisted.internet.ssl import PrivateCertificate
    from twisted.internet import reactor

    from someapplication import ApplicationProtocol

    serverFactory = ServerFactory()
    serverFactory.protocol = ApplicationProtocol
    certificate = PrivateCertificate.loadPEM(certPEMData)
    contextFactory = certificate.options()
    tlsFactory = TLSMemoryBIOFactory(contextFactory, False, serverFactory)
    reactor.listenTCP(12345, tlsFactory)

This API offers somewhat more flexibility than twisted.internet.interfaces.IReactorSSL; for example, a TLSMemoryBIOProtocol instance can use another instance of TLSMemoryBIOProtocol as its transport, yielding TLS over TLS - useful to implement onion routing. It can also be used to run TLS over unusual transports, such as UNIX sockets and stdio.

Class BufferingTLSTransport A TLS transport implemented by wrapping buffering around a TLSMemoryBIOProtocol.
Class TLSMemoryBIOFactory TLSMemoryBIOFactory adds TLS to connections.
Class TLSMemoryBIOProtocol TLSMemoryBIOProtocol is a protocol wrapper which uses OpenSSL via a memory BIO to encrypt bytes written to it before sending them on to the underlying transport and decrypts bytes received from the underlying transport before delivering them to the wrapped protocol.
Class _AggregateSmallWrites Aggregate small writes so they get written in large batches.
Class _ContextFactoryToConnectionFactory Adapter wrapping a twisted.internet.interfaces.IOpenSSLContextFactory into a IOpenSSLClientConnectionCreator or IOpenSSLServerConnectionCreator.
Class _ProducerMembrane Stand-in for producer registered with a TLSMemoryBIOProtocol transport.
Function _get_default_clock Return the default reactor.
Function _representsEOF Does the given OpenSSL.SSL.Error represent an end-of-file?
def _get_default_clock() -> IReactorTime: (source)

Return the default reactor.

This is a function so it can be monkey-patched in tests, specifically twisted.web.test.test_agent.

def _representsEOF(exceptionObject: Error) -> bool: (source)

Does the given OpenSSL.SSL.Error represent an end-of-file?